Malformed MSIs are transactions to the special address range that do not have proper attributes of MSI requests. Such malformed transactions are detected and aborted by the platform, before they are subject to further interrupt remapping/processing. For RAS purposes, some platforms may be configured to support System Error Reporting (SERR) capability. These platforms raise a PCI system error (SERR#) due to Unsupported Request, which are typically delivered as Non-Maskable Interrupts (NMI), to report such errors to software. Depending on hypervisor and Dom0 kernel configuration, such an NMI may be handled by the hypervisor/Dom0 or can result in a host software halt ("panic"). On platforms with SERR enabled, such malformed MSI requests can be generated by guest OS with an assigned device, causing hypervisor/Dom0 receive NMI despite using VT-d and interrupt remapping for device assignment. A malicious domain, given access to a device which bus mastering capable, can mount a denial of service attack affecting the whole system. Only systems using Intel VT-d for PCI passthrough and enabled SERR are vulnerable. This issue can be avoided by not assigning PCI devices to untrusted guests. References: http://seclists.org/oss-sec/2013/q3/421 Acknowledgements: Red Hat would like to thank the Xen and KVM upstreams for reporting this issue. Xen upstream acknowledged Gábor PÉK of CrySyS Lab as the original reporter
Statement: This is hardware issue related to Intel VT-d, affecting all hypervisors (such as Xen and KVM) using Intel VT-d for guest PCI passthrough.